# ossim agent configuration file

[control-framework]

# enable the control framework
enable = True

# define the unique ID of this agent
id = "<%= @agent_id %>"

# define the host:port of the frameworkd instance
ip = <%= @server_ip %>
port = 40003


# general
#
[daemon]
daemon = True
pid = /var/run/ossim-agent.pid


[log]
file = /var/log/ossim/agent.log
error = /var/log/ossim/agent_error.log
stats = /var/log/ossim/agent_stats.log

# uncomment this line if you want to log to a remote syslog
# remember you need to startup syslog with the -r option to enable 
# the facility to receive messages from the network
#syslog = localhost

# verbose level
#
# these are the levels allowed by agent:
# debug, info, warning, error and critical
#
# you can use the -v and -vv command line
# arguments to increse this verbose level
verbose = info

# default values, can be overriden in each plugin rule
[plugin-defaults]
sensor = <%= @sensor_ip %>
interface = any
date_format = %Y-%m-%d %H:%M:%S ; format, not date itself
ossim_dsn=mysql:localhost:ossim:root:yoursecretpassword
tzone=<%= @timezone %>
ctx=
[watchdog]
enable = True
interval = 180         ; seconds between checks
restart_interval=3600 ; seconds between plugin process restart


# output
#

# write events into a plain file (server injectable)
[output-plain]
enable = False
file = /var/log/ossim/agent-plain.log

# send events and receive/send control messages from/to server
[output-server]
enable = True
ip = <%= @server_ip %>
port = 40001
send_events = True


[output-idm]
enable=True
ip=<%= @server_ip %>
port=40002

# plugins
# (list of plugins to be loaded)
#
[plugins]

# detectors
#
#apache=/etc/ossim/agent/plugins/apache.cfg
#arpwatch=/etc/ossim/agent/plugins/arpwatch.cfg
#cisco-ids=/etc/ossim/agent/plugins/cisco-ids.cfg
#cisco-pix=/etc/ossim/agent/plugins/cisco-pix.cfg
#cisco-router=/etc/ossim/agent/plugins/cisco-router.cfg
#cisco-vpn=/etc/ossim/agent/plugins/cisco-vpn.cfg
#cisco-ips=/etc/ossim/agent/plugins/cisco-ips.cfg
#clamav=/etc/ossim/agent/plugins/clamav.cfg
#clurgmgr=/etc/ossim/agent/plugins/clurgmgr.cfg
#fw1ngr60=/etc/ossim/agent/plugins/fw1ngr60.cfg
#gfi=/etc/ossim/agent/plugins/gfi.cfg
#heartbeat=/etc/ossim/agent/plugins/heartbeat.cfg
#iis=/etc/ossim/agent/plugins/iis.cfg
#intrushield=/etc/ossim/agent/plugins/intrushield.cfg
#iphone=/etc/ossim/agent/plugins/iphone.cfg
#iptables=/etc/ossim/agent/plugins/iptables.cfg
#kismet=/etc/ossim/agent/plugins/kismet.cfg
#mwcollect=/etc/ossim/agent/plugins/mwcollect.cfg
#nagios=/etc/ossim/agent/plugins/nagios.cfg
#netgear=/etc/ossim/agent/plugins/netgear.cfg
#netscreen-manager=/etc/ossim/agent/plugins/netscreen-manager.cfg
#netscreen-nsm=/etc/ossim/agent/plugins/netscreen-nsm.cfg
#netscreen-firewall=/etc/ossim/agent/plugins/netscreen-firewall.cfg
#ntsyslog=/etc/ossim/agent/plugins/ntsyslog.cfg
#osiris=/etc/ossim/agent/plugins/osiris.cfg
#ossec=/etc/ossim/agent/plugins/ossec.cfg<% if @include_ossec == true %>
ossec=/etc/ossim/agent/plugins/ossec.cfg
<% end -%>
#ossim-agent=/etc/ossim/agent/plugins/ossim-agent.cfg
#p0f=/etc/ossim/agent/plugins/p0f.cfg
#pads=/etc/ossim/agent/plugins/pads.cfg
#pam_unix=/etc/ossim/agent/plugins/pam_unix.cfg
#postfix=/etc/ossim/agent/plugins/postfix.cfg
#radiator=/etc/ossim/agent/plugins/radiator.cfg
#realsecure=/etc/ossim/agent/plugins/realsecure.cfg
#rrd=/etc/ossim/agent/plugins/rrd.cfg
#snortunified=/etc/ossim/agent/plugins/snortunified.cfg
<% if @include_snort == true %><% @snort_interfaces.each do |snortiface| -%>
snortunified<%= snortiface %>=/etc/ossim/agent/plugins/snortunified<%= snortiface %>.cfg
<% end %><% end -%>
#spamassassin=/etc/ossim/agent/plugins/spamassassin.cfg
#squid=/etc/ossim/agent/plugins/squid.cfg
#symantec-ams=/etc/ossim/agent/plugins/symantec-ams.cfg
#ssh=/etc/ossim/agent/plugins/ssh.cfg
#stonegate=/etc/ossim/agent/plugins/stonegate.cfg
#sudo=/etc/ossim/agent/plugins/sudo.cfg
#syslog=/etc/ossim/agent/plugins/syslog.cfg
#snare=/etc/ossim/agent/plugins/snare.cfg
#tarantella=/etc/ossim/agent/plugins/tarantella.cfg
#fidelis=/etc/ossim/agent/plugins/fidelis.cfg
#rsa-secureid=/etc/ossim/agent/plugins/rsa-secureid.cfg
#cisco-acs=/etc/ossim/agent/plugins/cisco-acs.cfg
#fortiguard=/etc/ossim/agent/plugins/fortiguard.cfg

# monitors
#
#wmi-monitor=/etc/ossim/agent/plugins/wmi-monitor.cfg
#nmap=/etc/ossim/agent/plugins/nmap-monitor.cfg
#ntop=/etc/ossim/agent/plugins/session-monitor.cfg
#opennms=/etc/ossim/agent/plugins/opennms-monitor.cfg
#ossim-ca=/etc/ossim/agent/plugins/ossim-monitor.cfg
#ping=/etc/ossim/agent/plugins/ping-monitor.cfg
#tcptrack=/etc/ossim/agent/plugins/tcptrack-monitor.cfg
#nessus=/etc/ossim/agent/plugins/nessus-monitor.cfg
#whois=/etc/ossim/agent/plugins/whois-monitor.cfg
#malwaredomainlist=/etc/ossim/agent/plugins/malwaredomainlist.cfg
